On 10/22/07, Andy Green <andy@xxxxxxxxxxx> wrote: > You can cryptographically sign a hash of the executable and append the > signature to the executable itself. That way they can discover > tampering or change because the bad guy can't regenerate the sig as he > lacks both keys. If the intruder has gained root, he doesn't need the actual private key, he can just modify your signature checking program to give false negatives for his hacks. > But it seems to me it's not where the real problems are for servers. > The real problems are in PHP or other scripts that accept user input as > PHP code or database queries one way or another, This is a good point. Those are the sorts of vulnerabilities that get the intruder in the door in the first place. Modifying your binaries comes later. Dave
